ISC Tech Notes
ISC Technical Note Series
These technical notes describe findings or methodologies in use at ISC that may
be of use to other members of the Internet technical community.
- ISC-TN-2008-1 · BIND 9 performance serving large zones under
update · [html]
This Technical Note reports the final results of the joint ISC/CAIDA
project to measure the performance of DNS protocols using commodity hardware
and open-source software. This work was sponsored in part by the National Science
Foundation via grant NSF OARC DNS SCI CISE SCI-0427144.
- ISC-TN-2007-1 · Setting up BIND to Run as a Recursive Nameserver · [text] [html]
This Technical Note instructs a moderately-experienced systems administrator
on the steps necessary to quickly set up a recursive (caching-only) nameserver
for use on a system or trusted local network.
- ISC-TN-2006-2 · DNS Performance Testbed Design · [text] [html]
Internet Systems Consortium (ISC) is building a testbed that will
be used to make full-scale measurements of the performance of DNS servers and
protocols on the same scale as global root and TLD servers. This brief document
describes the design of that testbed and explains the various design decisions.
This work is sponsored in part by the National Science Foundation via grant
NSF OARC DNS SCI CISE SCI-0427144.
- ISC-TN-2006-1 · DNSSEC Lookaside Validation (DLV) · [text] [html]
Domain Name System Security (DNSSEC) relies on a top-down certification
chain whereby security information about each zone is introduced by its parent.
This memo describes an instance of local policy whereby security information
can be introduced by cooperating third parties, thus enabling deployment of
DNSSEC in zones whose parents are not yet secure. This is an early deployment
aid, and is not intended to replace DNSSEC's top-down certification chain.
- ISC-TN-2004-2 · The role of the Domain Name System in the
development of new Internet services · [html]
The Domain Name System is nearly 20 years old. New Internet services
place new demands on it. It has been common in the past to satisfy demands
on the DNS by exploiting loopholes in its specification. We propose that a
more-sound implementation technique for a new service would be a combination
of using a new top-level domain (TLD) and using that TLD to identify the principal
service type, so that it would not be confused with existing services such
as the World Wide Web or email.
- ISC-TN-2004-1 · A Software Approach to Distributing Requests
for DNS Service · [text] [html]
This paper describes an approach for deploying authoritative name
servers using a cluster of hosts, across which the load of client requests
is distributed. DNS services deployed in this fashion enjoy high availability
and are also able to scale to increasing request loads in a straightforward
- ISC-TN-2003-1 · Hierarchical Anycast for Global Service Distribution · [text] [html]
This document describes an approach which allows a particular service
on the Internet to be distributed, such that the service can be implemented
by geographically and topologically dispersed components. By distributing components
in this manner a stable service may be provided to a wide audience even in
the event of serious problems which cause individual components of the distributed
service infrastructure to fail or otherwise become unavailable.
- ISC-TN-2002-2 · Running An Authoritative-Only BIND Nameserver · [text] [html]
Nameservers (BIND) fulfill two functions: serving authoritative
data for delegated zones, and relaying queries and responses for non-authoritative
zones. In the interest of security, operators generally should not use a single
nameserver for both functions. This note explains why, and how, you should
configure BIND to implement these functions separately.
- ISC-TN-2002-1 · Using DNAME to rename IP6.INT · [text] [html]
Various political and technical pressures have recently led to the
deprecation of the IP6.INT name space in favour of IP6.ARPA. This makes IPv6
PTR data management difficult, since interim clients will search IP6.INT while
standard clients will search IP6.ARPA. We present a simple method based on
DNAME RR's (see [RFC2672]) and ISC BIND9 whereby zone information can be managed
in a single location and then made visible in two namespaces.
- BIND 10
- Other Software Projects
- security advisories
- software forums
- ABOUT ISC